Reference no: EM132292281
GOAL:
Analyze the provided memory (KobayashiMaru.vmem) file for malicious activity.
If you wish, you can use tools designed for memory forensics, such as Volatility or Autopsy, to analyze the memory. However, at a minimum you should answer these questions and provide proof screenshots and/or reasoning.
1. What operating system is the computer using? What version?
2. How much RAM is included in the analysis?
3. View the running processes. Does this look like your average box?
   a. What processes look abnormal? What makes them abnormal?
4. Can you find user account names? Passwords?
5. View the Dynamically Linked Libraries. Does this look like your average box?
   a. What DLLs look abnormal?
6. Can you associate any Processes (PIDs), DLLs, and executables?
7. View the files associated with the processes.
   a. Do any files or file paths look abnormal? Reference the file path if available.
8. Explain what you think happened to this box.
Attachment: Activity.rar